|
|
|
|
|
|
by Someone
3184 days ago
|
|
|
I think encryption uses a generated key to encrypt most of the disk, and stores that key encrypted with the user password on the disk. That makes changing the password fast; they only need to re-encrypt the encrypted key with the new password, and write it out. Problem is that an attacker who knows the old password may already have decrypted the generated key, so they can decrypt the encrypted data from the raw data, even after the password was changed. Erasing generates a new key for the data. I think it could be done without reformatting, but they still would have to read each block, decrypt with the old key, encrypt with the new, and write back the result. Testing the recovery procedure for that (how do you know where to restart that after it crashed?) would be a challenge, though. |
|
|
As you point out, erasure can rotate keys. What Apple apparently didn't provide was a straightforward way for key rotation as a key management function. This surely appears to have been rushed to market.